[jboss-jira] [JBoss JIRA] (JBAS-9533) JBOSS Not creating new session id for session.getSession(true)
Altaf Hussain (JIRA)
jira-events at lists.jboss.org
Tue Apr 9 06:26:44 EDT 2013
Altaf Hussain created JBAS-9533:
-----------------------------------
Summary: JBOSS Not creating new session id for session.getSession(true)
Key: JBAS-9533
URL: https://issues.jboss.org/browse/JBAS-9533
Project: Application Server 3 4 5 and 6
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: Security
Affects Versions: JBossAS-4.2.0.GA
Environment: Unix
Reporter: Altaf Hussain
Assignee: Anil Saldhana
Priority: Critical
I am using JBOSS 4.2 GA. I am able to fix the session id on the application server. JBOSS is not validating the JSESSIONID value, whether it is generated by itself or not. So, I thought of explicitly invalidating the existing session and creating a new session using httpServletRequest.getSession(true) during the login action. JBOSS still returns the old jsession id.
Is this a limitation in jboss??? I also checked the emptySessionPath in server.xml and the value is "true" for HTTP, HTTPS and AJP Connectors.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
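
The login-time renewal described in the report, written as an added example (not code from the reporter or from JBoss) that also verifies the container really issued a new id and fails closed when it did not. The class and method names are hypothetical; only Servlet 2.4/2.5 API calls are used.

```java
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

/** Hypothetical helper (name is an assumption, not part of JBoss). */
public final class SessionRenewal {

    private SessionRenewal() {}

    /**
     * Call after the credentials have been verified and before any
     * authenticated state is stored in the session.
     */
    public static HttpSession renew(HttpServletRequest request) {
        // The id the client sent, whether or not the server ever issued it.
        String presentedId = request.getRequestedSessionId();
        String oldId = null;
        Map<String, Object> carried = new HashMap<String, Object>();

        HttpSession old = request.getSession(false);
        if (old != null) {
            oldId = old.getId();
            // Carry pre-login attributes over; drop this loop if nothing
            // set before login should survive it.
            Enumeration<?> names = old.getAttributeNames();
            while (names.hasMoreElements()) {
                String name = (String) names.nextElement();
                carried.put(name, old.getAttribute(name));
            }
            old.invalidate();
        }

        HttpSession fresh = request.getSession(true);
        String newId = fresh.getId();
        // The behaviour reported above: the id is unchanged after invalidate().
        if (newId.equals(oldId) || newId.equals(presentedId)) {
            fresh.invalidate();
            throw new IllegalStateException(
                "session id was reused after invalidate(); refusing to authenticate");
        }
        for (Map.Entry<String, Object> e : carried.entrySet()) {
            fresh.setAttribute(e.getKey(), e.getValue());
        }
        return fresh;
    }
}
```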